Ongoing DPO Support

Although the GDPR is explicit about the DPO’s roles and responsibilities, it is a complex and very detailed role and there are many tasks that are implied in order to achieve the goal of ensuring organisational compliance.

Once we have established a baseline of compliance, we shall provide outsourced professional services to ensure that the organisation continues to be compliant. Activities will include, but not be limited to, the following:

  • Ensuring lawful processing at all times; protecting the rights of the Data Subjects.
  • Ensuring that proof of consent is recorded.
  • Advising on Data Protection by Design and Default.
  • Advising on data retention / deletion policies and processes.
  • Annual refresher training on the GDPR.
  • Providing Data Protection Impact Assessments (DPIAs) and advising on risk mitigation. Any new data processing activity must have this risk assessment done.
  • Maintaining the Data Processing Activity Log.
  • Maintaining the Data Asset Risk Register.
  • Maintaining the Data Asset Register (this includes paper copies of files, microfiches as well as electronic storage media).
  • Communicating with Data Subjects when they send requests regarding their data.
  • Advising on the GDPR implications, thereby ensuring compliance, for any new data processing activities.
  • Advising on contractual obligations between the Data Controller and Data Processor as well as other supplier contracts.
  • Planning for a Personal Data Breach, including training all senior managers and running practice exercises.
  • Liaising with the Supervisory Authority (currently the Information Commissioner’s Office (ICO)) and other regulatory bodies. If there is a personal data breach, the ICO must be informed within 72 hours.
  • Managing the legal, reputational and procedural requirements following a personal data breach.